\documentclass{beamer}
\usepackage{hyperref}
\usepackage{listings}
\usepackage{graphicx}
\usepackage{caption}

\usetheme{Ilmenau}
\title{A Look at Copperhead OS \\ Security-focused Android}
\author{Jim Campbell}
\institute{Penguicon!!!}
\date{April 30th, 2017}
\begin{document}

% look at http://faq.ktug.or.kr/wiki/uploads/beamer_guide.pdf for presentation design tips

% here you build the title page
\frame{
 \titlepage
  \begin{center}
	\includegraphics[scale=0.20]{images/copperhead-os.jpg}
  \end{center}
}

% outline
\AtBeginSection[]
{
 \begin{frame}
  \frametitle{Outline}
  \small
  \tableofcontents[currentsection,hideothersubsections]
  \normalsize
 \end{frame}
}

\begin{frame}
    \frametitle{Introduction to Copperhead OS}
    What we'll talk about . . .  \\ \pause
	            \begin{itemize}
	            \item  Background
	            \item  Good for me? Not good for me?
	            \item  Key Features
	            \item  Copperhead IRL
	            \item  Useful F-Droid applications
	            \item  Links / Resources
	            \end{itemize}
\end{frame}

\section*{Background}

\begin{frame}
\frametitle{What is Copperhead OS?}
\begin{itemize}
    \item Security-focused Android based on Android Open Source Project \pause
    \item If phone == car, using Copperhead == putting new engine in car. \pause
	\item Only for Google-branded devices \pause
	\item Supported for as long as Google offers support \pause
	      \begin{itemize}
	      \item Nexus 5X / 6P - Get version upgrades until Sept of 2017
	      \item Nexus 5X / 6P - Security updates until Sept of 2018 \pause
	      \item Pixel - Get version upgrades until October of 2018
	      \item Pixel - Security updates until October of 2019 \pause
	      \end{itemize}
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{Who Develops Copperhead}
    The lead developer of Copperhead OS is a former maintainer of the
    grsecurity and PaX patches on Arch Linux. \pause

    Started a consultancy to provide security services to organizations, and
    to build Copperhead OS to protect sensitive mobile communications.
\end{frame}

\begin{frame}
\frametitle{Good For You}
	Copperhead OS is cool if: \pause
\begin{itemize}	
	\item You're a free software enthusiast
    \item You don't want apps that eat personal data and privacy
	\item You can live without Spotify and Snapchat
    \item . . .  or are willing to fuss (i.e., side-load apps)
    \item You like the supported phones (Google Phones)
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{Maybe For Someone Else}
	Copperhead may not be the best if: \pause
\begin{itemize}
	\item You want a Libre phone
	\item You want to use Spotify without fuss
    \item You don't want to tinker or device isn't what you want
    \item There's a proprietary app that you have to use for work
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{WHY??}
	Why does this even exist?
\end{frame}

\begin{frame}
\frametitle{Android device support == * Sad Emoji * }
\begin{center}
	\includegraphics[scale=0.30]{images/android-support-63-9.png}
    \par As of this month, 63.9 percent of Android devices get NO updates
\end{center}
\end{frame}

\begin{frame}
\frametitle{But my phone has support!}
    \begin{center}
	\includegraphics[scale=0.33]{images/not-well-supported.jpg}
    \end{center}
\end{frame}


\begin{frame}
\frametitle{Android Security Compromises}
	Even among supported devices, security is less than ideal:
\begin{itemize}
	\item AOSP doesn't always choose most secure defaults \pause 
    \item OEMs are slow to update (at best, 1x/month) \pause
	\item Encryption not always on by default \pause
	\item Default applications don't provide E2E encryption \pause
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{Filling This Gap - Hardened OS for well-supported devices}

    \begin{center}
	\includegraphics[scale=0.33]{images/focus.jpg}
    \end{center}
\end{frame}

\begin{frame}
\frametitle{Hardening? What do you mean?}
	What does hardening entail? \pause Let's look at
    \href{https://copperhead.co/blog/}{their blog}: \pause
\begin{itemize}	
	\item Memory disclosure mitigations in CopperheadOS \pause
	\item Hardening Android's Bionic libc \pause 
	\item Separating Android's encryption and lockscreen passwords \pause
	\item Integrating PaX into Android \pause
	\item The State of ASLR on Android Lollipop \pause
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{Probably Not Shitty - A Lot is Upstreamed}
    \begin{center}
	\includegraphics[scale=0.33]{images/upstream.png}
    \end{center}
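	% NOTE(review): this shortened http:// link hides its destination; prefer the full https:// AOSP URL here.
	Source: \href{http://ur1.ca/qd3qv}{AOSP repository}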
\end{frame}

\begin{frame}
\frametitle{What are some of its features?}
    \begin{center}
	\includegraphics[scale=0.33]{images/features.jpg}
    \end{center}
\end{frame}

\section*{Standout Features}
\begin{frame}
\frametitle{A Custom ROM like an OEM OS}
As a custom ROM, they offer features you'd expect from an OEM OS:
\begin{itemize}
    \item Signed OS and signed updates \pause
    \item Verified boot \pause
    \item Bootloader can be re-locked (OEM lock) after install \pause
    \item Does not require root \pause
    \item Can leave ``Unknown sources'' (installs from untrusted sources) disabled \pause
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{Solid Default Settings}
Configured with privacy-respecting features from the get-go: \pause
\begin{itemize}
    \item Encrypted by default \pause
    \item Notifications hidden \pause
    \item Longer max password length (16 char max upgraded to 64) \pause
    \item Others: Navigation error correction, contextual search, network prediction,
    metrics and hyperlink auditing are disabled by default. 
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{Additional Features}
And they include security-related features that others don't: \pause
\begin{itemize}
    \item MAC address randomization (where supported) \pause
    \item Can set different login and decrypt passwords \pause
    \item grsecurity and PaX patches, but not all of them. \\
          3.10 kernel is old. Old drivers are an issue \pause
    \item Weekly updates, even if phone is encrypted \pause
    \item Can build from source \pause
    \item Can build patch updates from source \pause
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{OS-related Questions?}
    \begin{center}
	\includegraphics[scale=0.33]{images/questions.png}
    \end{center}
\end{frame}

\section*{IRL}
\begin{frame}
\frametitle{What's it like to use it?}
\begin{itemize}
    \item You can install it or you can \href{https://copperhead.co/android/buy}{buy it} \pause
    \item Installing? Docs are great! Even building from source! \pause
    \item Make sure USB-C cable has data pins \pause
    \item USB debugging: set ``USB Configuration'' to PTP (Picture Transfer Protocol) \pause
    \item Project Fi and Sprint support are an issue (no data) \\ \pause
          Sprint - binary issue (not good) \\
          T-Mobile - APN issue (config update - Sweet LTE!) \pause
    \item Fingerprint scanner works \pause
    \item No swype, must type. Good autocorrect and prediction \pause
    \item No Lyft == Jim cold and wet in January rain, but I lived \pause
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{Some cool uses}
What makes this legitimately \emph{good to use} as a daily driver?
\begin{itemize}
    \item Sandboxed social media applications \pause
    \item Download YouTube videos while on Wi-Fi, play back later! \pause
    \item Defaults to DuckDuckGo for web search \pause
    \item Can sync calendar with NextCloud or Sandstorm.io Radicale \pause
    \item Loyalty cards without location tracking. Nice! \pause
    \item Roughly weekly, super-simple updates 
\end{itemize}
\end{frame}

\section*{Applications}
\begin{frame}
\frametitle{What's the application situation?}
F-Droid is at least as good as the Microsoft Store \pause
\begin{itemize}
    \item F-Droid is getting a major update very soon! \pause
    \item Easy to find applications that use Material Design \pause
    \item Look for ones updated recently \pause
    \item Browse web - 64-bit Chromium  \pause
    \item Secure SMS - Silence or Noise ( . . . a Signal fork) \pause
    \item Twitter - Twidere or SlimSocial \pause
    \item YouTube - NewPipe (stream or download videos locally) \pause
    \item Email - K-9 Material \pause
    \item Calendar / Contacts - DAVdroid + Etar  / Default Contacts app
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{A few other applications}
What else is useful?
\begin{itemize}
    \item Maps with turn-by-turn directions - OSM Droid \pause
    \item RSS / News - Newsblur \pause
    \item Podcasts - AntennaPod \pause
    \item Video - VLC \pause
    \item Image Gallery - Gallery \pause
    \item Creatively-named applications like Authenticator and Tasks \pause
    \item Use loyalty cards w/o location tracking! - Loyalty Locker \pause
    \item Can set Chromium web apps on home screen \pause
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{Even MORE applications}
These are useful, too!!
\begin{itemize}
    \item Connect to Matrix network - Riot (So good!) \pause
    \item Games - 1010! Konni (self-paced Tetris!) \pause
    \item Passwords - Twik \pause
    \item Github - Forkhub \pause
    \item Facebook - MaterialFBook \pause
    \item Notes - OmniNotes \pause
    \item Weight Tracking - openScale \pause
    \item Two-Factor Authentication - OTP Authenticator \pause
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{OHAI WEB APPZ}
  \begin{center}
    5 months in, I discover \href{https://m.lyft.com}{https://m.lyft.com}
    \includegraphics[scale=0.33]{images/lyft.png}
  \end{center}
\end{frame}

\begin{frame}
\frametitle{What about Google Play Services}
\begin{itemize}
    \item Can use it! \pause if you want to bork your device! \pause
    \item Adding Google Play services wrecks verified boot (the modified system image no longer matches its signature) \pause
    \item Can build Copperhead w/Google Play from source and self-sign, but you're on your own \pause
    \item Can side-load apps, but that's hackish \pause
\end{itemize}
\end{frame}

\section*{Discussion}
\begin{frame}
\frametitle{Discussion}
Let's talk: \\ \pause
\begin{itemize}
	\item How does this stack up with iOS security? \\ \pause
	\item ``Bro, do you even compile your kernel?'' (Am I just being a privacy bro?) \\ \pause
    \item Would you use this? \pause Encourage someone else to use it? \pause
	\item Other considerations? \\ \pause
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{Additional Resources}
\begin{itemize}
    \item \href{https://copperhead.co/}{Copperhead OS Website}
    \item \href{https://github.com/copperhead}{Copperhead OS on Github}
    \item \href{https://www.reddit.com/r/CopperheadOS/}{Copperhead OS forum on Reddit}
    \item \href{https://twitter.com/copperheados}{Copperhead OS on Twitter}
\end{itemize}
\end{frame}

\begin{frame}

Thank you!

-- jcampbell - ate - gnome - dote - org -- 

\end{frame}

\end{document}

